This release includes 1 security fix for security teams reviewing exposed deployments.
Topics
+3 more
Summary
AI summaryAdded HTTP proxy support for LLM clients and fixed JavaScript escaping in the chat UI.
Full changelog
We're pleased to announce the release of Fess 15.6.1.
This patch release adds HTTP proxy support for LLM clients, allowing deployments behind a corporate proxy to reach OpenAI, Ollama, Gemini, and other LLM endpoints without bespoke wiring. It also fixes a potential JavaScript escaping issue in the chat UI.
Improvements
AI Search Mode / RAG Chat
- LLM HTTP traffic now honors the workspace
http.proxy.*settings, with optional Basic authentication, enabling AI Search Mode to work behind corporate proxies. Subclasses can override the proxy configuration per-client for finer-grained control. (#3128)
Bug Fixes
- Localized labels rendered inside the chat page JavaScript are now properly escaped via the new
fe:escapeJstaglib function, preventing translations that contain quotes, backslashes, or control characters from breaking the chat initialization. (#3126)
We recommend upgrading to Fess 15.6.1 if you run AI Search Mode behind a corporate proxy or rely on heavily customized translations for the chat UI.
:scroll: Documentation
:package: Docker Image: GitHub Packages - codelibs/fess
:speech_balloon: Community Forum: discuss.codelibs.org
Thank you for using Fess!
Security Fixes
- Fixed JavaScript escaping issue in chat UI preventing injection from localized labels containing quotes, backslashes, or control characters
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
Related context
Beta — feedback welcome: [email protected]